The asset and strategic value of "information" has been increasing in every business with the development of information technology ("IT"). The efficient use of information has become an important element in business operations not only in relatively new industrial fields, such as the Internet/telecommunications, social media, etc., but also in conventional industrial fields, such as medical care/health care, finance, and even agriculture and manufacturing.

Meanwhile, cyberattacks that target information as an asset, and other threats of leakage or unauthorized use of information from inside and outside an organization have been rapidly increasing. Cyberattacks that target organizations are especially getting more sophisticated day by day, as can be typically seen in the rise of targeted attacks and double extortion ransomware. Moreover, it is currently an urgent and unavoidable concern for many companies to develop an appropriate system to ensure the uninterrupted use of information systems not only when they are being the subject of a malicious attack, but also in cases of emergencies, including disasters.

In light of these circumstances, ensuring information security/cybersecurity is considered one of the duties that must be performed by managers of organizations, including companies, in expanding their businesses using IT, as expressed in, among others, the "Cybersecurity Management Guidelines" published by the Ministry of Economy, Trade and Industry. With respect to the security of the Internet of Things (IoT), which is a concept that everything, including home appliances, automobiles, robots, and factories, is connected to a network, international standardization is also being promoted as can be seen in the publication of the international standards proposed by the Japanese government based on, among others, the "IoT Security Guidelines."

Taking into account changes in the legal environment of information security/cybersecurity in Japan and overseas, we can provide practical legal advice based on our abundant experience in responding to emergencies, such as leakages or unauthorized use of information, as well as in taking preventive legal measures during normal times, including the formulation of information security policies or contingency plans, or the procurement of cyber insurance. For our clients that are companies and organizations conducting their businesses globally, we are able to organize the best teams of attorneys and experts who, by working together, are able to efficiently resolve information security issues.